Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

FRAUDTOOL.ANTIVIRUSCENTER

 

 

 

Name:

FraudTool.AntiVirusCenter

Added:

May 14, 2011

Type:

Fraudtool

Risk:

Low

Payload:

N/A

At risk systems:

Windows 95/98/ME/XP/NT/2003

 

 

Description:

 

When FraudTool.AntiVirusCenter is executed, it installs the Rogueware, Antivirus Center:

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

and performs the following activities:

After execution of the copied .dat file it drops the following file.

c:\Documents and Settings\User\Local Settings\Temp\wrkD.tmp

It then creates / modifies the following registry key entry:

HLM\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\
StandardProfile\AuthorizedApplications\List\C:\WINDOWS\System32\rundll32.exe:

"C:\WINDOWS\System32\rundll32.exe:*:Enabled:Antivirus Center"

It displays fake threat messages and forces users to purchase the software in order to remove the fake threats:

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware


 

 

 

 

 

 

 
Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

Malware problems?
We can help.

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware

Evaluate Thirtyseven4 Antivirus Now

Thirtyseven4 Antivirus | AntiMalware | AntiRootkit | AntiSpyware
Thirtyseven4 - Industry Leading Endpoint Security Solution

“Delight yourself in the Lord and he will give you the desires of your heart.” Psalm 37:4